Malicious Login Attempts Spike in Finance, Retail

The new 2018 State of the Internet/Security Credential Stuffing Attacks report is out, and according to the report publisher, Akamai, worldwide malicious login attempts are on the rise.

Analyzing data gathered from its Intelligent Platform and attack data from across the company's global infrastructure, researchers found approximately 3.2 billion malicious logins per month from January through April 2018. In addition, 2018 has seen 1.4 million compromised usernames and passwords.

Botnets caused a monthly average increase of 30% between May and June 2018. During those two months, researchers detected over 8.3 billion malicious login attempts from bots.

The report clarifies that not all bots are bad, but credential-stuffing botnets are particularly malicious as the goals of credential-stuffing bots are to assume identity, collect information and steal money or goods.

Reviewing an eight-month period, from November 2017 through June 2018, researchers discovered more than 30 billion malicious login attempts. Using botnets to steal login information across the web, also known as credential stuffing, results in malicious login attempts. Given the likelihood that users repeat passwords across multiple sites, financially motivated hackers are known to target login pages for banks and retailers, which is why the report focused on the financial and retail sectors.

In examining one attack in which three botnets simultaneously targeted a credit union, researchers found that one of the botnets was not triggering a spike in malicious login attempts. The stealthiest of the three turned out to be the most concerning.

“Our research shows that the people carrying out credential-stuffing attacks are continuously evolving their arsenal. They vary their methodologies from noisier, volume-based attacks through stealth-like ‘low and slow’ style attacks,” said Martin McKeay, senior security advocate at Akamai and lead author of the State of the Internet/Security report, in a press release.

“It’s especially alarming when we see multiple attacks simultaneously affecting a single target. Without specific expertise and tools needed to defend against these blended, multi-headed campaigns, organizations can easily miss some of the most dangerous credential attacks.”

What’s Hot on Infosecurity Magazine?